Big Sur - Disable Trivial File Tansfer Protocol Service

Information

If the system does not require Trivial File Tansfer Protocol (TFTP), support it is non-essential and _MUST_ be disabled.

The information system _MUST_ be configured to provide only essential capabilities. Disabling TFTP helps prevent the unauthorized connection of devices and the unauthorized transfer of information.

NOTE: TFTP service is disabled at startup by default macOS.

Solution

[source,bash]
----
/bin/launchctl disable system/com.apple.tftpd
----
The system may need to be restarted for the update to take effect.

See Also

https://github.com/usnistgov/macos_security

Item Details

Category: ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION

References: 800-53|AC-3, 800-53|AC-17, 800-53|IA-5(1), 800-53|IA-5(1)(c), CCE|CCE-85391-1, CCI|CCI-000197, STIG-ID|APPL-11-002038

Plugin: Unix

Control ID: b9c45a82e2b19d61539050e01c3be03018cef88aa9bac8aebe77036ef3f48e6a